In this post we are writing about DDoS attacks. The best way to approach this subject is to prepare ourselves to defend against such threats. We have put together some good practices to increase security and withstand DDoS attacks, whether they are bandwidth-exhaustion attacks or resource-exhaustion attacks.
To fight DDoS attacks, you need a clear understanding of what happens during an attack. In simplified terms, DDoS attacks work by exploiting a server's vulnerabilities, or by exhausting its resources, such as memory or hard drive space.
Essential tips for DDoS protection
- If only a few computers are the source of the attack and you have been able to identify the IP addresses it originates from, put an access control list (ACL) on the server firewall to block access from these IPs. When possible, change the server IP address for a period of time; however, if the attacker can resolve the newly configured IP by querying your DNS server, this measure no longer helps.
- If you are sure that the attack comes from a certain country, consider blocking that country's IP addresses, at least for a limited time.
- Monitor incoming traffic to your network. This way you know who is visiting your network and can watch for unusual visitor behavior. Usually, before a large-scale attack, an attacker uses a small number of attacks to test the robustness of your network.
- The best, but also the most expensive, solution to attacks that consume bandwidth is to get more bandwidth.
- You can also use high-performance load-balancing software and deploy it across different data centers.
- Optimize resource usage to improve web server load capacity, for example by using Apachebooster. Apachebooster is a sophisticated cPanel plugin designed to improve the overall performance of a server. Integrated with Nginx and Varnish, Apachebooster increases the working capacity of servers, making them faster. Easy to install and requiring zero maintenance, Apachebooster offers the ideal solution for a low-performance server. Once you install Apachebooster on your server, you can be practically worry-free about how your server works.
- Consider the Cloudflare business solution, which can provide protection against Layer 7, DNS and TCP/IP DDoS attacks. Cloudflare's advanced DDoS protection, provisioned as a service at the network edge, matches the sophistication and scale of these threats and can mitigate DDoS attacks of all shapes and sizes, including those targeting the UDP and ICMP protocols, as well as SYN/ACK, DNS amplification, and Layer 7 attacks.
- You can also use third-party services to protect your site. Many companies offer these services, providing a high-performance network with basic installation to help you withstand denial-of-service attacks. In some cases, you may pay only hundreds of dollars a month.
- Always review your server configuration for security issues, to avoid resource depletion caused by DDoS attacks.
- Listen to specialists to stay up to date on the subject.
- Monitor network traffic on your servers, especially web servers. If you can set up analytics tools such as StatCounter and Google Analytics, you can visualize patterns of traffic change, understand them more easily, and get more information from them.
- Disable ICMP on the router. Enable ICMP only when testing requires it. When configuring your router, consider the following strategies: flow control, packet filtering, half-open connection timeouts, and disabling ICMP and UDP broadcast.
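
The ACL tip and the traffic-monitoring tips above can be combined. The following is an added example, not part of the original post: it counts requests per source IP per minute in a web server access log and renders firewall rules for the sources at or above a threshold. It assumes the Apache/Nginx combined log format and an iptables host firewall; the log lines, the threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in combined log format (documentation IP ranges only).
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [10/Mar/2024:12:00:{s:02d} +0000] "GET / HTTP/1.1" 200 512 "-" "-"'
     for s in range(40)]
    + [f'198.51.100.23 - - [10/Mar/2024:12:00:{s:02d} +0000] "GET /search?q=a HTTP/1.1" 200 900 "-" "-"'
       for s in range(0, 60, 2)]
    + ['192.0.2.10 - - [10/Mar/2024:12:00:05 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "-"',
       '192.0.2.10 - - [10/Mar/2024:12:01:15 +0000] "GET /about.html HTTP/1.1" 200 2210 "-" "-"',
       'not a log line']
)
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def requests_per_minute(log_text):
    """Count requests per (source IP, minute) bucket, skipping malformed lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # rejects hostnames and junk
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue
        counts[(str(ip), ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return counts

def noisy_sources(log_text, threshold, allowlist=()):
    """Return {ip: peak requests per minute} for IPs at or above the threshold."""
    nets = [ipaddress.ip_network(n) for n in allowlist]  # e.g. your own monitoring hosts
    peaks = {}
    for (ip, _minute), n in requests_per_minute(log_text).items():
        if n >= threshold and not any(ipaddress.ip_address(ip) in net for net in nets):
            peaks[ip] = max(peaks.get(ip, 0), n)
    return peaks

def acl_rules(peaks):
    """Render DROP rules for review (nothing is applied), busiest source first."""
    tool = {4: "iptables", 6: "ip6tables"}
    return [f"{tool[ipaddress.ip_address(ip).version]} -I INPUT -s {ip} -j DROP"
            for ip in sorted(peaks, key=peaks.get, reverse=True)]

if __name__ == "__main__":
    print("\n".join(acl_rules(noisy_sources(SAMPLE_LOG, threshold=25))))
```

The rules are only printed so they can be reviewed before being applied; the allowlist keeps known-good sources such as your own monitoring hosts out of the output.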
By following these good practices you should be protected from DDoS attacks. We hope you find them useful.